HUD OCIO should a) resolve the conflicts between its Inventory of Automated Systems (IAS) policy and web applications policy to clarify if web applications will be inventories in IAS, the web application Sharepoint site, or both; and b) implement the chosen resolution to this conflict to develop a consistent inventory of web applications (IG FISMA metric 1).
Publication Report
2024-OE-0002 | October 29, 2024
HUD FY 2024 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB)… moreRelated Recommendations
Chief Information Officer
- Status2024-OE-0002-02OpenClosed
HUD OCIO should implement an automated governance, risk, and compliance tool to manage risk from all sources across the three tiers of the organization in a timely manner. This recommendation updates FY 2021 FISMA recommendation number 5 (IG FISMA metrics 5, 9, and 10).
- Status2024-OE-0002-03OpenClosed
HUD OCIO should employ automation to maintain a timely and accurate view of security configuration information for all systems connected to its network (IG FISMA metric 20).
- Status2024-OE-0002-04OpenClosed
HUD OCIO should demonstrate that it can implement its defined security responses if a baseline configuration is changed without authorization. This can be shown by either a response to a real incident if one happens or through a testing exercise if there are no applicable incidents (IG FISMA metric 23).
- Status2024-OE-0002-05OpenClosed
HUD OCIO should review its security training program and determine whether it should provide general cybersecurity awareness training to external users of its systems and data (IG FISMA metric 44).